Recent days have been rich in reports of new 0-day vulnerabilities and exploits. Last weekend the leaked data of Hacking Team was analyzed, and two 0-day exploits for Adobe Flash were found in it. A new zero-day exploit was also discovered in Java; the last report of a 0-day vulnerability in Java was made almost two years ago. Trend Micro has announced the detection of a zero-day vulnerability in Java version 188.8.131.52 (keep in mind that versions 1.6 and 1.7 are not affected by this exploit).
During the investigation of a series of attacks known as Operation Pawn Storm, the company's experts discovered a new targeted attack. They presume that behind Operation Pawn Storm there is a group of hackers also known as APT28, Sednit, Fancy Bear or Tsar Team. The new attack exploits a previously unknown vulnerability in Java. The URLs used in the attacks had already been noticed by Trend Micro back in April 2015, when the hackers began to target NATO and the White House. Presumably the same hackers also went after representatives of the defense industry, the media, other public organizations and political activists. The Asia-Pacific Economic Cooperation Summit and the National Security in the Middle East event in 2014 were also targeted by these hackers.
Trend Micro didn't reveal any details about the attack or about the new vulnerability, probably because there is no patch for it yet. We only know that malware for this 0-day vulnerability already exists: TROJ_DROPPR.CXC leaves traces such as TSPY_FAKEMS.C in the user's home directory.
Of course, the vulnerability has already been reported to Oracle, and while they are working on a patch, Trend Micro recommends that you disable Java in your browsers.